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Open-source 
software  throws 
a  wrench  into 
traditional  evaluation 
processes.  Here’s 
what  to  look  for. 


VMware  virtualization 
has  saved  businesses 
billions  of  dollars. 


Here’s  how  we’re 
going  to  save  them 
billions  more. 
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!4  Open-source  software  is  tree,  flexible  and  adaptable,  but  lax  oversight 
can  obliterate  the  benefits.  Read  about  how  IT  is  keeping  track. 


Spring  Training  for  Bl  Experts 

28  How  do  you  make  it  to  the  data  scientist  big  leagues?  There’s  no 
one  right  path.  Instead,  it’s  largely  a  scramble  out  there  on  the  big  data  field. 
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HeadsUp 


Harvard  Pushes  for  cheaper  Solar  Panels 


in  «  MOVE  that  it  hopes  will  help  usher  in 
an  age  of  kmr-cost  solar  power.  Harvard 
University’s  Clean  Energy  Project  (CEP) 
in  June  plans  to  release  a  list  of  20,000 
organic  compounds  that  could  be  used  to  make 
cheap,  printable  photovoltaic  cells  (PVC). 

The  list,  which  the  CEP  will  inal«  available 
to  solar  power  developers,  could  lead  to  the 
development  of  very  low-cost  PVCs.  Using  the 
compounds,  a  PVC  that  covers  1  square  meter 
would  cost  about  the  same  as  the  paint  needed 
to  cover  the  same  area,  according  to  Harvaid. 

The  CEFs  data  “will  ultimately  beneht 
mankind  with  cleaner  energy  solutioos,'  said 
Alan  Aspuru-Guzik,  a  Harvard  associate  pro¬ 
fessor  of  chemistry  and  chemical  biology. 

Today,  the  most  popular  PVCs  are  made  of 
silicon  and  cost  abM  $5  per  wafer  to  produce. 
For  a  solar  energy  technology  to  be  competi¬ 


tive,  each  wafer  would  need  to  cost  about  50 
cents,  according  to  Aspuru-Guzik. 

The  compounds  on  the  CEP's  list  could  also 
improve  the  solar  conversion  rates  of  PVCs.  Cur¬ 
rently,  the  top  striar  conversion  rate  of  silicon 
PVCs  is  about  12%,  meaning  that  only  12%  of 
the  light  that  hits  them  is  converted  to  energy. 

The  CEP  uses  IBM’s  World  Community 
Grid  —  which  relies  on  the  spate  processing 
power  of  around  6,000  computers  all  over  the 
world  —  in  its  search  fm-  the  best 
molecules  for  oiganic  [dK>tovolta- 
ics,  as  well  as  the  best  ways  to 
assemble  the  molecules  to  build 
inexpensive  solar  cells. 

Harvard  has  built  data  storage  systems 
with  a  capacity  of  about  400TB  to  capture  the 
results  of  the  computations. 


never  do  anything  different,  and  they 
run  into  problems  for  that  reason." 

During  the  conference  call,  finan¬ 
cial  analysts  asked  how  Google  will 
monetize  new  products  such  as 
Google  Now,  which  functions  as  a 
kind  of  personal  digital  assistant  to 
automatically  give  users  informa¬ 
tion  as  they  go  about  their  day. 

"I’m  not  worried  about  that."  Page 
said.  "The  better  the  job  we  can  do 
in  providing  users  with  informa¬ 
tion  without  their  asking  for  it,  the 
better  we  can  provide  commercial 
information  from  people  who  are 
excited  about  pro- 
motingit." 

For  the  latest 
quarter,  Google’s 
sales  rose  by  31%  to  about  $14  bil¬ 
lion.  driven  partly  by  strong  gains  in 
advertising  revenue. 


Tech  Execs  Say  H-IB  Checks  May  Help 

6AIIIST  A  MCKDIIOP  of  cornfields  L-i  workers  to  50%  of  an  employer's  workf 


oSshore,  that  is  a  positive  for  us,”  he  said.  Keane,  firnner  CEO  of  a  $1  billion  IT  sei 

The  bill  could  create  challenges  for  o&hore  company  that  hore  his  name, 
outsourcers  by  eventually  limiting  H-iB  and  -Patrick  Hi 
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NEWS  ANALYSIS 


Business-Savw  IT  Pros 
Key  in  Down  Economy 

IT  workers  increasingly  need  to  have  business  acumen 
along  with  technical  skills  so  they  can  better  help  struggling 
companies  boost  the  bottom  line.  By  Fred  O’Connor 
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Security  Tools  Can’t 
Keep  Hackers  at  Bay 

Analysts  say  hidden  breaches  like  one  that  exposed  credit 
card  data  of  Schnucks  supermarket  customers  for  four 
months  could  become  commonplace.  By  Jaikumar  Vijayan 


legitimate  Hies  and  encrypting  data  to 
evade  detection,  she  said.  "They  cloak 
their  malware  or  hide  it  within  seemin^y 
innocuous  files  so  that  it  s  very  difficult  to 
detect,”  she  said. 

"[Todays]  network  and  enterprise  secu¬ 
rity  tools  are  not  smart  enough  to  detect 
the  hacking  when  it  occurs,"  and  they 
might  not  even  uncover  such  activity  in  a 
matter  of  hours  or  even  days,  Litan  said. 

“What's  needed  —  and  what  some  tech 
startups  are  working  on  —  is  behavioral 
modeling,  baselining  and  profiling  of  all 
nodes  and  communication  ports  in  an 
internal  networic,”  she  said,  adding  that 
such  tools  would  be  able  to  detect  abnor¬ 
mal  activity  and  communications  that 
occur  for  as  little  as  a  few  seconds  a  week. 

But  developing  such  tools  is  a  chal¬ 
lenge.  "This  is  difficult  to  pull  off  without 
a  lot  of  false  positives  and  noise  in  the 

Jim  Huguelet,  principal  of  the  Huguelet 
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James 

Turnbull 

This  CIO  sees  new 
opportunities  for 
patient  care  with 
mobile  solutions. 

Family;  'I'm  recently  engaged, 
and  each  of  us  has  one  son 
and  one  daughter.' 
what’s  your  f  avorne  tech  toy? 
A  Taylor  acoustic  guitar 


Are  you  ever  completely 
unplugged?  'Yes.  very  deliberately, 
when  I’m  running,  skiing, 
golfing  and  motorcycling.' 

Neat  career  step;  Retirement 
Is  there  something  interesting 
that  people  don’t  know  about  you? 
'My  last  job  before  healthcare 
I  was  working  2.200  feet 
underground  in  a  nickel  mine  in 
northern  Canada.  The  healthcare 
field  looked  better  from  down  there.' 


AS  A  HEALTHCARE  CIO.  Jim  Turnbull  promotes  the  use  of  technology  as  a  tool  to 
improve  core  and  reduce  potlent  costs.  He  has  guided  IT  initiatives,  including  the 
deployment  of  electronic  medical  records  and  computerized  physician  order-entry 
systems,  at  several  healthcare  organizations.  Now  CIO  at  University  of  Utah 
Health  Care  in  Salt  Lake  City,  Turnbull  was  recently  named  the  2012  John  E.  Gall  Jr.  CIO  of 
the  Tear  by  the  College  of  Healthcare  Information  Management  Executives  and  the  Health¬ 
care  Information  and  Management  Systems  Society.  Here  he  shares  his  thoughts  on  houi  IT  is 
changing  healthcare  and  how  he’s  guiding  IT  transformation  at  UUHC. 

What  has  bSM  ymir  Mnast  saccass  as  CM)  at  UUHC?  It's  working  with  the  team  that 
was  here  when  I  arrived  and  having  them  deliver  excellent  results.  We  focused  on 
some  cote  disciplines,  getting  a  good  security  plan  in  place,  implementing  the  disci¬ 
pline  of  ITIL  and  project  management,  and  really  ramping  up  our  game  on  that  side. 
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THE  GRILL  |  JAMES  TURNBULL 


We  focused  on  what  we  call  stj 
—  or  strategically  aligned  tn 
a  big  focus  on  lecmitme 


nt  and  retention,  customer 
advocacy  and  focusing  on  tracking,  measuring  and 
communicating  our  results. 

IS  It  difficult  to  Inherit  a  team?  In  my  experience — 
and  I’ve  worked  at  four  healthcare  organizations  —  the 
typical  thing  I  find  when  I  walk  in  is  there  tends  to  be  a 
high  level  (rf  dissatisfoction  with  IT  bom  other  parts  of 
the  organization.  That's  something  I  feh  when  I  walked 
in  here.  1  found  that,  rather  than  replacing  the  team, 
there's  a  lot  of  talent  here  and  it  was  a  matter  of  getting 
them  aligned  and  getting  them  back  to  the  basics. 


ofy  dallMfe  you’ve  faced  at 
UUHC?  We  have  a  main  campus 
and  a  health  sciences  campus. 
There's  the  more  traditkmal  uni¬ 
versity  and  adjacent  to  it  is  the 


includes  the  hospital  and  soi 
of  our  research  clinics  as  well  as 
the  schoeds  of  medicine,  nursing, 
pharmacy  and  allied  health.  The 


got  here,  we  realized  we  had  an 
opportunity  to  brii^  those  two 
teams  together,  but  the  next 
challenge  was  to  bring  the  data 


got  together  and  came  up  with  85  recommendations 
on  how  we  could  address  the  issue.  They  wanted  to  do 
a  community  day  of  service  event,  do  things  socially 
together,  have  broader  recognition  opportunities.  They 
gave  us  the  tc^  10  (to  implement  as  a  start].  It's  the 
reason  that  one  recent  cpiarter  we  had  zero  turnover, 
and  for  four  quarters  our  turnover  is  under  6%.  Our 
annual  turnover  in  the  broader  organization  is  about 
15%.  You  can  feel  the  change  in  morale.  We  sUyed 
with  the  first  10  they  brought  us,  and  now  we're  biting 
off  the  next  10. 

What’s  the  top  IT  InitMIvc  you  now  have  on  your 
plate?  We're  trying  to  move  to  a  sin^vendor  solution. 

We  laid  the  groundwork  for 
that,  but  we're  about  14  months 
away  from  doing  a  major 
conversion  for  our  in-patient 
applications.  We'll  turn  off  all 
our  legacy  applications  and  turn 
over  to  that.  Our  budget  is  about 
$46  million  to  do  that. 


moving  seven  separate  data 
centers  on  campus  to  a  single 
data  center.  As  you  can  imagine, 
that's  a  pretty  complex  process. 
From  beginning  to  end  it  was 
about  a  three-year  process,  and 
it  was  completed  without  any 


What  about  the  Mnestnon- 


gettii^  buy-in  for  the  develop- 


The  action 
is  shifting 
I  quickly 
^  to  mobile 
health  solutions  with 
much  greater  involve¬ 
ment  of  the  patients  in 
their  healthcare. 


much  greater  involvement  of 
the  patients  in  their  healthcare. 
It’s  just  an  incredibly  exciting 
opportunity,  and  all  types  of 
applications  are  being  devel- 
<^>ed  that  ate  smartphone-  or 
t^let-based.  I  think  most  of  us 
have  the  environments  in  place 
technologically  to  support  it, 
but  it’s  a  very  different  focus.  It's 

It’s  having  them  hooked  into  us. 


a  strategic  plan  for  IT,  staying 
focused  on  that  plan  and  reaching  a  stage  where  the 
organization  had  a  great  deal  of  confidence  in  our  IT 
organization  based  on  our  delivery  of  results.  There 
was  a  fair  degree  of  skepticism  that  the  IT  team  could 
work  together  with  the  rest  of  the  organization  and 
deliver  on  the  plan.  But  now  there’s  very  little  disagree¬ 
ment  within  the  organization  that  we  did  that. 

How  do  you  recruit  and  retain  lop  talent?  Our 

leadership  team  in  IT  feh  that  the  people  best  able  to 
answer  that  is  our  team.  So  we  organized  a  committee 
without  any  senior  leadership  on  h.  About  15  of  them 


$?  Part  of  it 
is  getting  that  initial  traction 
ad  having  some  great  use  cases  to  demonstrate  the 
enefits.  It’s  been  fun  to  see  the  doctors  so  engaged  and 
aving  our  team  work  so  collaboratively. 


a  many  apps  out 

there  for  healthcare  right  now  it’s  just  unbelieva^. 
There’s  not  a  day  that  goes  by  that  I  don’t  bump  into 
someone  using  a  smartffoone  app  for  health  or  fitness. 
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IHORNTDNA.MAY 


It  is  virtually 
impossible  to 
find  all  the 
necess^ 
analyty 
skills  in  one 
human  beii^ 


is  author  of  rAeWm 
Know:  Innoyation 
Powered  by  Analytics 
and  executive  director 
of  the  IT  Leadership 
Academy  at  Florida 
State  College  in 
Jacksonville.  You 


Stalking  the  Elusive 
Data  Scientist 


I  HE  NEWEST  fantastic  animal  to  inhabit  the  human  imagination  — 
joining  a  long  list  that  includes  the  dragon,  Gorgon,  Loch  Ness  mon¬ 
ster,  sphinx,  unicorn  and  yeti  —  is  the  data  scientist.  This  mythical 
beastie  has  come  to  dominate  the  dreams  of  many  of  the  otherwise 


sane  people  who  run  organizations.  They  see 
themselves  locked  in  an  epic  struggle,  coming  up 
against  a  horde  of  data  hut  armed  with  inadequate 
skills.  As  this  pitched  battle  rages,  the  cry  is  heard: 
"Data  scientists  will  save  us!” 

Feeding  this  vision  are  troubadours  with  Power¬ 
Point  presentations.  They  show  up  on  the  big  data 
rubber-chicken  circuit  —  that  surfet  of  conferences 
ginned  up  to  take  advantage  of  the  rapidly  growing 
interest  in  high-end  analytics  —  to  sing  a  narrative 
with  three  verses:  There  is  ever  more  data,  goes  the 
Brst  There  is  potentially  hi^  value  in  that  expand¬ 
ing  data  set,  tuns  the  second.  There  is  a  rich  and 
rapidly  expanrUng  tool  set  to  assist  in  extracting 
value  from  that  data,  concludes  the  third.  These 
are  sung  in  a  round  over  and  over  and  over,  but  the 
air  finishes  on  a  very  difierent  note,  with  the  sage 
on  the  stage  saying  smnethir^  to  this  efiect: 

“And  oh,  by  the  way,  you  need  really  bright 
an^ytic  genhises/rocket  scientists/quants/data 
scientists,  who  are  very  rare  and  very  expensive. 
Despite  this,  you  shorrld  buy  our  rools  arul  get 
started  anyway.” 

Naturally,  outcoroes-focused  executives  in  the  au¬ 
dience  firtd  that  conclusion  monumentally  unsatis¬ 
fying.  But  if  data  scientists  are  very  rare,  they  decide, 
they  will  find  them  —  and  recruit  them  at  any  price. 
(See  “Spring  Training  for  B1  Experts,”  page  28.) 

At  the  IT  Leadership  Acatlemy,  we  wanted  to 
fitxl  out  where  this  obsession  with  the  mythical 
data  scientist  was  heading.  We  interviewed  over 
ttjo  executives  charged  with  leading  the  charge  to 
analytic  competence  in  their  organizations.  It  was 


generally  agreed  that  data  science  and  analytics 
is  a  multidisciplinary  field,  and  it  was  widely  con¬ 
ceded  that  it  is  virtually  impossible  to  find  all  the 
necessary  analytical  skills  resident  in  one  human 
being.  The  non-hysterical  in  the  bunch  have  ratio- 
naily  concluded  that  rather  than  stalk  a  mytho¬ 
logical  life  form  —  a  data  scientist  with  all  the 
skills  required  —  they  should  adopt  an  “ensemble” 
approach  to  the  deficit  in  analytical  skills. 

Here’s  how  Scott  Friesen,  director  for  market¬ 
ing  analytics  and  customer  insights  at  Ulta  Beauty, 
explains  this  idea:  “You  have  to  create  a  portfolio 
of  talent  within  a  team.  For  example,  you  might 

a  great  statistician  but  doesn’t 
mechanisnrs.  So  someone 
else  on  the  team  does  the  SQL  pulls  for  the  statisti¬ 
cian,  who  hands  off  to  the  best  communicator.  That 
is  who  communicates  the  message  to  the  business.” 

Glenn  Wegryn,  director  emeritus  of  (^rations 
research  at  Prcxxer  &  Gamble,  skinned  the  analyt¬ 
ical  talent  deficit  in  a  very  innrrvative  way.  As  part 
of  a  multipronged  talent  strategy,  be  scoured  the 
enterprise  for  employees  who  had  analytical  train¬ 
ing  but  weren’t  employed  in  analytical  jobs.  This 
was  a  rich  source  of  affordable  raw  quantitative 
skill.  And  that  should  not  be  surprising.  Just  about 
every  student  participating  in  the  6th  Armual 
EEIC  Engineering  Capstone  Design  Showcase  at 
Ohio  State  Univeisity  demtmsttated  the  raw  skills 
necessary  to  create  value  with  data. 

So  foiget  about  the  data  scientist  bogeyman.  If 
you  are  eager  to  create  value  with  data,  go  out  and 
repurpose  an  engineer.  They  will  love  you  for  it.  * 


ForgeRock  Open  Identity  Stack  is  built 
by  design — never  by  acquisition.  Protect 
your  private,  hybrid,  and  public  clouds,  and 
SaaS,  mobile,  and  enterprise  systems  with 
the  only  unified,  100%  open  source 
identity  stack. 
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SIZING 

UP 

OPEN 

SOURCE 


Open-source  software  throws  a  wrench 
into  traditional  software  evaluation 
criteria.  Here’s  what  to  look  for  and 
what  you’ll  be  expected  to  contribute. 

BY  STACY  COLLETT 


software.  They  would  compare  software  systems’  features,  mobility, 
single  sign-on  capabilities,  look  and  feel,  and  Bexibility,  as  well  as 
their  ability  to  integrate  with  existing  Web  applications. 


SPOTLIGHT  I  OPEN  SOURCE 


But  this  wasn't  an  apples-to-apples 
comparison.  CIO  lames  Webb  threw 
in  a  pair  of  open-source  projects  to 
be  consideTed  alongside  commercial 
software  packages.  While  it  was  easy 
to  compare  the  systems  on  many  of 
the  criteria  (the  open-source  pair 
won  in  all  six  categories),  the  com¬ 
mittee  had  to  add  another  question: 
How  strong  is  the  open-source  user 
community,  and  could  it  help  the  uni¬ 
versity  achieve  its  goals?  The  answer 
was  yes.  and  the  Canyon.  Texas-based 
school  chose  the  two  open-source 
tools:  uPortal,  an  architecture  based 
on  Java  and  XML,  which  also  includ¬ 
ed  support  for  mobile  devices,  and 
lasig’s  Central  Authentication  Service 
(CAS)  for  its  single  sign-on  service. 

“One  of  the  main  reasons  we 
went  with  the  uPortal  open-source 
solution  is  that  Yale.  Rutgers  and  the 
University  of  Wisconsin-Madison  are 
the  major  developers.  So  I  guess  you 
could  say  it  was  built  by  higher  ed  for 
higher  ed,"  says  Webb.  “We  know  we 
have  an  ecosystem  of  great  universi- 


Making  a 
Difference 

SoclaKodinfAGood  Is  ruimliic  «  piM 
profram  with  the  following  nonprofit  or- 
ganirations  that  develop  so-called  human¬ 
itarian  free  and  open-source  software: 

■  Benetech  (literacy/education  for  peo¬ 
ple  with  print  disabilities,  environmental 
conservation  and  human  rights) 

■  Code  for  America  Brigade 

(civic  engagemenO 

■  FrontlineSMS  (disaster  relief, 
healthcare  and  human  rights) 

■  Mozilla  Foundation  (education) 

■  The  Guardian  Project  (human  rights) 

■  Amara,  formerly  Universal  Subtitles 
(accessibility  and  education) 

■  Wfikimedia  Foundation  (education) 


But  there  are  other  things  to  con¬ 
sider  when  looking  at  open-source 
systems,  such  as  the  culture  of  the 
community,  the  consistency  of  the 
product's  quality,  and  how  quickly 
the  community  responds  when  secu¬ 
rity  fixes  and  patches  are  needed. 

“It's  important  to  evaluate  smaller, 
open-source  projects  differently 
than  larger,  corporate-sponsored 
open-source  products.”  says  Tomas 
Nystrom,  a  senior  director  and  global 
lead  for  open  source  at  Accenture. 

There  are  hundreds  of  thousands  of 
small  open-source  projects  or  libraries, 
such  as  NAS  and  Spring,  that  rely 

there  are  open-source  products,  such 
as  Red  Hat  Linux,  which  are  managed 
by,  and  often  owned  by,  companies  that 
are  in  the  business  of  selling  software. 

Sprint  Nextel  decided  that  a  well- 
established  product  would  best  meet 
its  needs  when  it  ventured  cautiously 
into  open  source,  having  grown  tired 
of  paying  vendors  millions  of  dollars 
in  maintenance  fees  for  Web  and  ap- 


soutce  initiative,  supporting  it  and 
providing  additional  features  to  keep 
this  product  innovative." 

Open  source  is  the  new  X  bctor  in  software  selection.  More 
than  50%  of  all  software  purchased  will  be  open  source  by  aoiy, 
according  to  a  2012  survey  of  740  enterprises  released  by  a  col¬ 
laboration  of  26  open-source  companies.  That  finding  signals  a 
tipping  point  for  open-source  software  adoption  in  the  enterprise 
and  nontechnical  fields  such  as  the  automotive,  healthcare  and 
financial  services  industries.  Choosing  the  right  open-source 
offering  could  be  critical  to  an  organization's  success.  But  evalu¬ 
ating  an  open-source  project  holds  more  caveats  and  pitfalls  than 
picking  traditional  software.  IT  departments  must  consider  the 

of  releases,  the  project's  governance  model  and  the  availability  of 
support.  They  also  have  to  consider  whether,  and 
to  what  degree,  they're  willing  to  contribute  code 
and  fixes  back  to  the  community. 

Here,  organizations  that  have  successfully 
adopted  open-source  systems  share  the  criteria 
they  used  to  evaluate  projects  and  their  philosophy 
about  giving  back  to  the  open-source  community. 

‘Projects’ VS. ‘Products’ 

Many  IT  departments  evaluate  open-source  systems 


need  for  support  declined. 

"We  had  built  an  internal  team  who 
was  responsible  for  the  Web  and  apps 
servers,  and  we  believed  we  could  move  to  an  open-source  product 
and  still  be  successfuL”  recalls  Alan  Krause,  director  of  enterprise 
application  integration  at  Sprint.  But  going  it  alone  was  a  scary 
proposition  for  the  CIO  and  a  vice  president,  who  both  wanted  the 
security  of  having  a  vendor  to  lean  on  if  problems  arose. 

“There  really  was  some  trepidation  there,"  Krause  recalls.  So 
the  oiganization  chose  IBoss  Enterprise  Application  Platform 
as  its  new  middleware  and  Red  Hat  Enterprise  Linux  as  its  new 
operating  system.  It  also  used  Red  Hat's  consulting  team  to  help 
with  implementation  and  let  a  Red  Hat  relationship  manager 
serve  as  liaison  with  the  open-source  community. 

"We’re  kind  of  dipping  our  toe  into  open  source,”  Krause  says. 
"We’re  still  paying  some  maintenance  for  it, 
but  it's  significantly  cheaper  than  what  we  were 
payit^  before.” 

When  looking  at  open-source  products  like  Red 
Hat,  the  selection  criteria  are  no  diflerent  from 
those  that  apply  to  commercial  software,  Nystrom 
says.  “They're  considered  to  be  normal  vendors  with 

hi^-quality  products  that  are  comparatively  cheap.’ 

As  open-source  products  gain  traction  at  com¬ 
panies  like  Sprint  Nextel,  IT  departments  will  feel 
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In  such  cases,  Nystrom  recommends  a  bottom- 
up  approach  for  choosing  open-source  projects. 

“Developers  and  architects  know  what  the 
communities  are  like  and  which  are  the  libraries 
that  are  in  much  use  today"  Nystrom  says.  "They 
have  a  clearer  view  of  which  library  we  should 
use  for  which  purpose,  or  which  version  of  some 
type  of  persistent  API  we  should  be  usir^  here,  or 
what’s  the  best  log-in  library.  So  you  can  narrow 
down  the  number  of  libraries  that  are  relevant  for 
the  enterprise  very  quickly  —  frmn  hundreds  of 
thousands  to  probat^  less  than  too,  depending 
on  what  you  want  to  build."  And  hom  there  it's  a 
quick  move  to  a  few  “usual  suspects,”  he  adds. 

West  Texas  A&M  chose  the  CAS  project  for 
its  single  sign-on  system  because  CAS  had  been 
succes^lly  deployed  at  Texas  A&M  University 
in  College  Station  “and  the  references  were  solid."  Webb  says.  His 
team  also  attended  user  events  and  higher-education  conferences 
related  to  CAS  as  part  of  the  decision-making  process. 

It  Takes  a  Village 

For  many  open-source  projects,  the  developer  community  is  the 
UfMood  of  the  software,  and  thtse  who  are  new  to  open  source 
should  know  that  these  communities  all  operate  differently. 

The  well-established  Linux  community,  for  example,  has  oper¬ 
ated  under  founder  Linus  Totvalds’  “benevolent  dictatorship” 
since  its  inception.  But  developers  of  new  projects  often  keep 
tight  control  of  their  communities  as  well. 

WibiData,  a  Hadoop-based  user  analytics  company  that  helps 
organizations  build  data  applications,  provides  part  of  its  soft¬ 

ware  stack  as  open  source  to  make  it  easier  for  rtevekrpers  to  build 
big  data  applications  on  an  HBase  NoSQL  database. 


"Right  now,  99.5%  of  the  software  is  written  by 
our  own  team,"  says  Aaron  Kimball,  chief  archi¬ 
tect  at  WibiData.  "It  takes  a  relatively  long  lime  to 
get  people  to  use  it,  and  for  every  50  people  who 
use  it,  one  might  start  helping  to  contribute." 

Then  there  are  the  radically  democratic  models. 
Developers  who  donate  a  product  to  the  Apache 
Software  Foundation,  for  instance,  must  reach 
a  "lazy  consensus"  with  the  community,  which 
means  “you  need  some  number  of  individuals 
to  give  your  idea  a  thumbs-up  and  for  nobtxfy  to 
give  it  an  explicit  thumbs^fown  —  and  if  they 
do,  they  are  obligated  to  work  withyrxi  to  make 
the  changes,”  Kimball  says.  "It’s  designed  to  slow 
things  down  in  some  ways  so  all  users  can  be 
invested  in  this  and  through  consensus  arrive  at 
the  best  solution."  Although  the  tlevdopers  who 
participate  most  actively  in  writing  source  code  are  expected  to  be 
the  ones  who  are  listened  to  first,  he  adds. 

Is  it  Better  to  Give  Than  to  Receive? 

IT  departments  might  think  that  when  they  buy  into  open  source 
they  also  have  to  actively  participate  in  the  community  to  ensure 
its  survivaL  But  that’s  not  always  the  case. 

With  widely  used  open-source  products  like  Red  Hat, 

“[vendors  ate]  very  much  in  control  of  the  community,”  Nystrom 
says.  And  while  they  do  take  from  the  community,  “they  still 
control  the  product,"  he  adds.  "They’re  not  dependent  on  the 
community  for  the  product  to  be  stable  and  go  forward." 

Sprint  Nextel  currently  relies  on  Red  Hat  consultants  as  its 
liaison  with  the  open-source  community,  but  Krause  believes  the 
company  will  need  less  hand-holding  as  time  goes  by.  "We  will 
eventually  move  away  from  Red  Hat  being  our  support  system 


XIPEN  SOURCE 
Gives  BACK 


portunitiK  to  comrtxitE  their  skills  to  projects  that  benefit  social  causes 
-  as  VMware  does  through  its  KontribiitingCade  initiative,  for  example. 
But  any  company  cw  get  involved 'HI  such  Initiatives. 

Miat  can  axnpanies  and  emptoyees  gain  by  giving  back?  Plenty. 


projects  to  improve  the  lives  of  people  worldwide. 

“It  creates  a  tremendous  professional  development  opportunity  for 
employees."  says  Gerardo  Capiel.  vice  president  of  engineering  at  Bene- 
tech.  which  sponsors  open-source  projects  beneftiing  literacy  and  edu¬ 
cation,  environmental  conservation  and  human  rights.  Some  programs 
leverage  their  company's  existing  technologies  and  can  influence  how 
they  affect  the  world.  Others  let  programmers  choose  their  own  cause 
from  a  list  of  nonprofits. 

Contributing  to  social  change  can  have  an  impact  on  empioyees,  as 
well.  Programmer  Abhi  Mahule  was  looking  to  donate  his  skills  and  time 
to  a  cause  when  he  learned  about  Benetech,  which  wanted  to  huikt  an 
Android-based  e-book  reader  for  the  visually  impaired.  Mahule  took  an 
existing  open-source  e-book  reader  and  adapted  a  version  for  Android 
that  could  "read"  books  akmd  as  audio.  He  built  a  prototype,  and  Bene¬ 
tech  secured  funding  from  the  U.S.  Department  of  Education  to  bring  it  to 
market.  Today,  thousands  of  people  use  the  app.  Capiel  says. 

The  project  "helped  me  [hooel  my  technical  skills.'  says  Mahule.  hut 
adds  that  the  intangible  benefits  were  more  significam.  "It  was  a  source 
of  joy  and  a  nice  feeling  that  in  a  small  way  you're  able  to  contribute,"  he 
says.  "YOU  should  always  look  out  for  a  larger  cause  for  the  greater  good. 
This  is  the  perfect  opportunity  for  that." 


-  SIACV  COLLETT 
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-  and  work  directly  with  the  open-source  com¬ 
munity,"  he  says. 

For  users  of  smaller  open-source  libraries 
or  projects,  communities  ate  much  more 
important. 

"There's  just  a  group  of  people  who  put 
this  together,  and  there  might  not  be  a 
commercial  entity  behind  it,”  Nystrran  says. 

In  these  cases,  developers  ate  expected  to 
contribute,  but  what  if  they  refuse? 

One  open-source  user  says  it's  hard  to  con¬ 
tribute,  or  "pay  it  back,"  when  the  product  is 
industry-speciSc. 

When  Hallmark  Services  Corp.  (HSC)  in 
Naperville,  III.,  was  overhauling  its  back-end 
systems,  it  bought  a  license  for  the  open- 
source  code  of  Healthation,  a  commercial 
oS-the-shdf  system  for  administrating 
healthcare  business  transactions. 

Taking  an  open-source  approach  reduced 
the  amount  of  labor  required  to  complete  the 
project,  enabling  HSC  to  finish  mote  than  nine 
months  early  and  save  $4.8  million  in  labor 
costs,  acconiing  to  Neal  Kadetabek,  CIO  and 
vice  president  of  financial  services.  HSC  is  a  co- 
developer  of  the  software  with  Lisle,  Ill.-based 
Healthation.  and  it  has  the  right  to  exclusive 
use  of  functionality  that  it  developed  —  it 
doesn)  have  to  make  it  available  as  open  source. 

“We  rarely  check  anything  back  in  —  we 
just  take  it  out.  modify  it  and  make  it  unique  to 
rabek  says,  adding  that  HSC  shares  less  than  half  of  what  it  develops 
with  the  community.  “Frankly,  we  think  that  sets  us  apart  from  our 
competitors,  so  why  would  we  want  to  let  the  world  share  it?" 

He  acknowledges  that  Heahhation  was  disappointed  that  HSC 
wasn't  contributing  to  its  open-source  community.  “Their  view 
was  that’s  what  makes  their  product  mote  attractive  to  the  indus¬ 
try.  But  in  this  case,  I  just  felt  like  it  was  our  secret  sauce,”  he  says. 

That's  not  often  the  case,  industry-watchers  say.  Most  open- 
source  applications  are  essentially  commodities,  and  the  platform 
itself  doesn't  usually  hold  many  trade  secrets. 

HSC  processes  $3.5  billion  worth  of  insuratKe  premiums  annually 
and  provides  services  to  about  1.5  million  retail  insutarxe  members. 

The  company  chose  Healthation  because  it  was  the  only 
healthcare  transaction  software  Kaderabek  knew  of  that  was 
available  as  open  source.  With  Healthation.  HSC  could  kick-start 

its  IT  transformation  prt^t  because  the  majority  of  new  core 

functions  were  already  in  place  and  the  IT  team  had  to  custom¬ 
ize  only  about  one-third  of  the  system. 

'This  (open  source]  out  of  the  gate  was  leaps  and  bounds  ahead 
of  the  design  and  architecture"  of  traditional  software  systems. 
Kaderabek  says.  "It  was  built  on  latest  and  greatest  technology;  it 

used  Web  services;  it  was  .Net  using  SQL  server  —  which  all  met 

our  standards.  We  got  more  done  in  a  shorter  period  of  time  and 
didn’t  have  to  add  extra  resources,"  he  says. 

Karlerabek  says  that  even  when  evaluating  small  or  industry- 
specific  open-source  projects,  IT  shops  should  look  for  vendors 
that  specialize  in  maintaining  an  open-source  offering  “Make 
sure  there’s  somebody  out  there  who  can  say,  'I’ve  done  this  for 


This  [open  source] 
out  of  the  gate  was 
leaps  and  bounds 
ahead  of  the  design 
and  architecture  [of 
traditionai  software]. 


the  last  five  years,  and  I  know  people  who 
have  done  what  you’re  doing,'  in  case  you 
need  help,”  he  says. 
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When  K’s  OK  to  Give  It  Away 

Contributions  to  an  open-source  commu¬ 
nity  don’t  have  to  be  huge  to  be  valuable. 

“If  there’s  a  low-level  feature  that’s  a  more 
convenient  way  to  do  something  —  that  saves 
everybody  time,"  says  WibiData’s  Kimball. 
"Sometimes  even  small  changes  that  may  not 
take  mote  than  an  afternoon  to  write  will 
have  an  outsized  benefit  on  usability." 

WibiData  initially  developed  its  entire 
software  stack  alone,  but  in  September  zoiz 
it  decided  to  make  part  of  that  stack  available 
as  open  source  and  released  the  Kiji  project 
in  November. 

Offering  some  tools  as  open  source  ben¬ 
efits  WibiData  in  several  ways,  most  notably 
by  broadening  the  company’s  user  base,  says 
Kimball.  Fundamental  layers  of  the  stack 
have  a  low  value,  and  users  won’t  pay  for 
tools  that  aren’t  unique  to  their  business, 
especially  if  similar  tools  are  available.  Open- 
sourcing  those  layers  introduces  new  users  to 
other  WibiData  offerings.  “There  are  plenty 
of  people  who  can  make  use  of  these  compo¬ 
nents  who  (weren't]  customers  or  potential 

the  same  software  that  our  paying  customers  use,"  Kimball  says. 
“So  everybody  enjoys  increased  reliability  of  the  overall  system 
by  virtue  of  it  being  more  widely  adopted." 

Moreover,  open  source  provides  a  foot  in  the  door  to  compa¬ 
nies  that  might  not  be  rea^  for  a  big-dau  tool  yet.  “If  common- 
based  layers  of  our  overall  system  are  widely  available  through 
open  source,  [developers]  might  just  surt  using  it.  And  later 
on,  when  their  organization  needs  to  get  serious  about  using  an 
t^n-source  application,  it’s  much  easier  for  us  to  go  in  and  sell  to 
those  business  users  because  our  software  already  runs  on  parts 
of  their  suck.  Interoperating  with  it  and  getting  it  to  work  with 
the  rest  of  our  systems  is  much  easier  rather  than  if  they  had 
built  this  same  system  in  a  completely  bespoke  fashion." 

Kiji  has  received  only  a  few  contributions  from  its  developer 
community  so  for,  but  Kimball  believes  that  will  change.  “For 
every  15  people  who  use  it,  one  might  file  a  bug  report  —  without 
providing  a  fix.  But  it’s  very  early  days,”  he  says.  “Where  this  goes 
is  an  open  question." 

The  future  of  open  source  in  general  looks  bright.  Broader 
adoption  will  create  larger  communities  for  testing  and  feedback, 
which  in  turn  will  drive  innovation  in  areas  such  as  cloud  com¬ 
puting,  mobile  and  big  data,  according  open-source  vendors. 

The  innovation  cycle  is  also  creating  new  business  models. 
“Open  source  is  key  to  a  company’s  ability  to  innovate  and 
susuin  innovation  with  financial  benefits,  interoperability  and 
a  supportive  community,"  Webb  says.  “Those  ate  the  things  that 
are  going  to  keep  it  going."  • 

Collett  is  0  Computerworld  contributing  writer.  Km  con  contact 
her  at  stcoMett@camcast.net. 
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The  risk  might  be  limited,  but  if  [people  start]  sucking  in 
whatever  they  ¥«mt,  there  can  be  issues.  Open-source  software 
comes  with  all  sorts  of  strings  attached. 

CLARK  0.  ASAY.  VISITING  ASSISTANT  PROFESSOR.  DICKINSON  SCHOOL  OF  LAW.  PENNSYLVANIA  STATE  UNIVERSITY 


into  the  company.  The  risk  might  be  limited,  but  if  (people  start] 
sucking  in  whatever  they  want,  there  can  be  issues.  Open-source 
software  comes  with  all  sorts  of  strings  attached.”  says  Clark  D. 
Asay.  a  visiting  assistant  professor  at  Pennsylvania  State  Univeisity's 
Dickinson  School  of  Law,  whose  research  focuses  on  legal  issues 
relating  to  the  Internet  and  arisii^  hom  technological  change. 

Each  piece  of  open-source  software  has  specific  license 
retpiireroents  and  possible  restrictions.  At  the  same  time,  the 
software  should  be  documented  and  tracked  to  ensure  that  it’s 
working  properly.  The  problem  is,  many  IT  organizations  aren’t 
applying  good  governance  practices  to  open-souice  software. 

“The  overwhelming  majority  of  open-source  assets  used  in 
corporate  IT  are  either  significantly  undermanaged  or  completely 
unmanaged."  says  Mark  Driver,  an  analyst  at  Gartner. 

Driver  acktunv|edges  that  management  of  open-source  soft- 


“For  some  reason,  it  has  escaped  the  traditional  management 
channels.  It  escapes  procurement  almost  completely  because  [it’s 
free].  And  it  escapes  a  lot  of  technical  evaluation  because  devel¬ 
opers  can  just  download  it,"  he  says. 

Shaya  Phillips,  associate  vice  president  for  IT  at  Fordham 
University,  says  his  IT  department  knows  what  can  happen  when 
open-source  tools  aren't  managed  properly,  so  it’s  trying  to  get 
ahead  of  that  problem. 

He  and  his  colleagues  see  value  in  open  source  —  it’s  free, 
flexible  and  adaptable.  But  they’re  also  aware  of  the  challenges 
involved  in  maintaining  it.  Phillips,  who  is  active  in  the  Society 
for  Information  Management,  says  it’s  tough  to  determine  when 
to  contribute  changes  to  the  open-source  community,  when  to 
make  updates  and  patches,  and  when  to  pay  for  support  services. 

To  balatKe  the  risks  and  rewards,  Phillips  says  his  IT  depart- 


licenses  specify  how  the  code  can  be  used. 

There  are  numerous  open-source  licenses,  with  the  GNU 

General  Public  License  being  the  most  widely  used.  The  licenses 
generally  specify  if  or  when  you  have  to  publicly  disclose  the 
code's  use,  attribute  it,  and/or  contribute  changes  and  modihca- 
tions  back  to  the  community  from  whence  the  code  came. 

/ksay  explains  that  restrictions  and  require¬ 
ments  most  often  come  into  play  when  the  entity 
using  the  open  source  code  distributes  the  final 
software  package  to  someone  else. 

“If  people  ate  just  pulling  it  in  and  there’s  zero  j 

chance  it  will  make  it  out  the  door,  no  one  will 

any  threat  of  IP  or  patent  infringement.  (Nagappan  ixrtes  that 
commercial  software  also  goes  through  a  legal  review,  but  that 
happens  later  in  the  procurement  process.) 

“Then  we  do  a  small  pilot.  A  small  team  downloads  it,  they 
make  sure  it's  working,  then  goes  into  the  development  cycle 
—  they  test  it  and  make  sure  there's  no  bug.  It’s  like  a  proof  of 

concept,"  he  says,  noting  that  IT  also  looks  at  the 
tctal  cost  of  ownership  and  compares  it  against 
the  TCO  of  comparable  commercial  products. 

If  it  passes  all  those  checks,  the  co^  then 
becomes  part  of  the  company’s  catalog  of  open- 
source  options,  which  are  tracked  in  Pershing’s 

obligations.  Distribution  is  the  trigger  that  ' 

makes  the  license  obligations  real."  he  says. 

But  in  this  day  and  age,  when  so  many  IT 
organizations  develop  apps  for  customers  to  use 
when  interacting  with  companies,  developers 
may  cross  that  distribution  threshold  more  often 
than  they  realize,  Asay  says.  And  that  could 
mean  legal  trouble. 

“You  have  this  culture  [that  thinks]  'Hey, 
we're  free  to  use  it.  We  can  avoid  having  to 
reinvent  the  wheel.’  But  if  you  don’t  follow  the 
license  conditions,  then  the  copyright  holder  can  bring  an  injunc¬ 
tion  and  get  statutory  damages."  Asay  says. 

Ramaswamy  Nagappan,  co-CIO  at  Pershing,  says  such  risks  ate 

ment  application.  That  ensures  that  “people 

don't  download  something  that  does  the  same 
function  as  something  we  already  have,"  he  says. 

KarimR.Lakhani.  an  associate  professor  at 

Harvard  Business  School  who  has  extensively 
mr  studied  the  emergence  of  open-source  soitware 

*  communities,  says  more  organizations  are  de- 

veloping  strong  management  policies,  aided  by 
evolving  tools  and  service  providers.  But  more 

organizations  still  need  to  lake  up  the  charge. 

“IT  executives  do  need  to  pay  attention  to  this 
and  create  an  inventory  of  code  they’ve  brought  in,  with  what  the 
licenses  are.  But  most  organizations  don’t  have  good  control  over 
what  their  obligations  are,  both  to  the  commercial  sector  as  well 
as  to  the  c^n-source  sector."  he  says.  But  they  should,  he  adds. 

a  hit  more  than  —  commercial  software.  And  that’s  Per^ng 

has  detailed  protocols  for  when  and  how  it  uses  open  source. 

Those  protocds  first  require  that  the  open  source  code 
proposed  for  use  undergoes  a  legal  review  to  check  its  licensing 

CheddistoF 

BESTPRAQICES 

noting  that  "software,  both  open  source  as  well  as  commercial, 

comes  with  a  lot  of  encumbrances."  ♦ 

Pratt  is  a  Computerwoiid  contributing  writer  in  Wallham.  Mass. 

Conloci  her  at  marykpratt@verizon.neL 

mportaih  to 'Ynate  sure  irt  patched."  says  Gartner  analyst  Mark  Oriver. 

■  conduct  a  iMpI*  KM  or  audK.  AS  is  the  case  with  financial  audits, 
rs  impossible  to  conduct  a  comprehensive  check  ol  everything  that’s  done 
using  open  source,  blit  you  can  look  at  a  sampling  of  uses  and  mate  sure 
they  meet  all  the  applicable  guidelines,  says  Grandchamp. 

datkm  or  the  linux  Foundation  have  examples  that  you  can  lolow. 

-ReiTKire  the 'open  stxra.'becaise  open-source  software 
isiustsoftware.-hesays.ad(kngthalthebestpracticesthat 

IT  uses  when  managing  commercial  software  apply  to  open  source  code.  too. 

But  Grandchamp  and  others  say  open-source  management  protocols 
beneflt  from  other  strategies  too.  He  and  others  recommend  the  following; 

■  it»twWiid»MidpBfcT.  "You  have  to  mate  some  statements 
about  what  you're  wHing  to  do  and  not  willing  to  da"  Grandchamp  says. 

•The  big  thing  about  ttK  pofcy  is  understanding  the  risk  tnterancB  o<  the 
company,  because  it  realy  diould  be  a  risk-based  poky." 

that  your  organization  is  using  or  might  consider  using. 

■  Tiatliaiii— Cl  Mfftei  MCI  rslwtlwdooc.  It's  especially 

_ L_ 

opoo  foorca  coda.  As  Penn  state  assistant  professor  Clark  D.  Asay  poims 
out.  many  open-source  license  requirements  are  triggered  when  code  is 
distribiited  to  users  outside  of  your  organization. 

the  license.' he  says.  "Not  all  open-source  icenses  are  created  equal’ 
a  Dorrfotoftrteogy  for  how  your  engineers  will  work  with  and  engage 
the  open-source  communtty. 

•It  cant  be  just  hr  IT.  because  you  might  have  people  in  other  depanmems 
downloading  k."  Driver  says. 
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CAREERS 


Ifsawrholenew 
ballgamefbr 
traditional  data 
analysts,  as  training 
focuses  on  deep 
knowledge  of  statistics 
and  computer  science. 

BY  JULIA  KING 


SPRING 

TRAINING 

tor  Bl  Experts 


SK  A  DOZEN  CIOs  what  tops  their  list  of  strategic  priorities  and 
odds  are  exceedingly  good  that  “big  data"  ranks  either  first  or 
second.  One  of  the  greatest  challenges,  they’ll  tell  you,  is  finding  the 
talent  they  need  to  analyze  and  wring  business  value  from  the  ever- 
increasing  volume  of  complex  data  flooding  their  enterprises.  What 
they  need,  they  say,  are  good  data  scientists  —  and  lots  of  them. 

In  one  of  the  most  frequently  cited  reports  on  the  topic,  the 
McKinsey  Global  Institute  estimates  that  there  will  be  a  short¬ 
fall  of  190,000  data  scientists  in  the  IT  job  market  by  2018. 


28 


expert?  Is  a  computer  science  degree  required? 

As  it  turns  out,  there  is  no  one  right  answer, 
at  least  not  at  the  moment.  Instead,  it's  largely  a 
scramble  out  there  on  the  big  data  field. 


touch  point  ytxi  have  with  employees,  partners  and 
customeis,”  he  says.  “Big  data  is  about  taking  all  of  that 
data  together  and  using  it  to  optimize  business  or  in¬ 
ventory  levels  or  to  better  target  customers.  That’s  the 
trick  of  the  whole  thing.  You  need  people  who  ate  good 
at  handling  large  volumes  of  data  and  have  knowledge 
of  math  and  statistics  to  analyze  the  data." 

Recognizing  this  as  early  as  2005,  NC  State 
created  the  Institute  for  Advanced  Analytics,  which 
pulls  together  faculty  members  from  various  disci¬ 
plines  and  teaches  data  science  “in  a  very  integrated 
way,"  Rappa  says.  Students  take  technical  courses  in 
statistics,  finatrce  and  business,  and  they  learn  com¬ 
munications  and  teamwork  skills,  which  Rappa  says 
“almost  always  trump  the  technical  skills,"  as  fiu-  as 
employers  are  concerned. 

Teamwork  skills  are  critical,  he  says,  because  “you 


Big  data  is  like  a  kMs' soccer 
game.  Everyone  is  running 
to  the  bally  but  no  one  knows 
exactly  what  to  do  with  it  It 
has  created  a  huge  competition 
for  people. 

GREG  MEYERS,  CIO.  BIOGEN  IDEC 


CAREERS 


[In  data  sdenc^  you  need 
people  who  are  good  at  handling 
large  vohanes  of  data  and  have 
knowledge  of  math  and  statistics 
to  analyze  the  data. 

MICHAEL  RAPPA,  EXECUTIVE  DIRECTOR,  INSTITUTE  FOR  ADVANCED 
ANALYTICS.  NORTH  CAROLINA  STATE  UNIVERSITY 
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can’t  wrap  up  all  of  the  [data  scientist)  skills  you  need 
in  a  single  person."  (See  “Stalking  the  Elusive  Data 
Scientist,"  page  14.)  Instead,  data  scientists  typically 
work  in  teams.  IBM,  for  example,  mixes  statisticians 
with  MBAs  in  its  Data  Analytics  Center  of  Excellence, 
which  helps  businesspeople  determine  what  questions 
they  need  data  to  answer.  The  center’s  goal  is  to 
generate  revenue  thnxigh  a  marriage  of  business  savvy 
and  aralytics,  says  OO  Jeanette  Horan.  One  project 
optimized  sales  coverage  in  the  170  countries  in  which 
IBM  operates,  yielding  a  10%  performance  improvement 
in  territories  where  the  modek  weie  applied. 
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Security^P 
f  Manager’s  i 

Journal 


Plans  Are  Made  to  Be  Revised 


Ware  always  document 
ing  processes  and  plans. 
It's  a  task  without  end, 
because  you  have  to 

dust  off  those  documents  every  once  in  a 
while  and  think  about  how  they  could  be 
updated.  Organizations’  needs  are  always 
changing,  and  so  is  technology,  so  what 
was  a  great  plan  a  couple  of  years  earlier 
mi^  have  some  gaping  holes  now. 

Such  was  the  case  with  our  incident- 
response  plan.  I  had  reason  to  review  it 
recently,  and  it  clearly 
needed  modernization. 

One  thing  I  have 
learned  over  the  years 


program  against  a  standard,  it  is  likely 
to  receive  less  scrutiny  in  an  audit,  since 
it  will  be  in  a  form  that  is  recognizable 
and  accepted  in  the  industry.  That’s  why 
I  decided  to  use  the  incidefit-response 
recorrunendations  from  the  National  Insti¬ 
tute  of  Standards  and  Technology  (NIST) 

will  want  to  customize  its  plan  for  its  own 
needs,  but  building  on  a  widMy  used  and 
solid  ffamework  is  a  big  help. 


With  NIST’s  recommendations  as  our 
guide,  we  broke  our  incidem-respoose 
process  iitto  four  phases:  preparation; 
detection  and  analysis;  containment  and 

Preparatioa  is  in  many  ways  the  most 
important  phase.  It  iiKludes  identifying 
the  membm  of  the  crisis  action  team 
(CA’T).  Besides  representatives  from 
informatioo  security,  we  wanted  the  CAT 
to  include  Windows  and  Unix  engineers, 
network  engineers,  help  desk  persotmel 
and  local  law  enforcement  officials. 

Having  chosen  these 

■  people,  we  obtained  full 
and  redundant  contact 
inffirmatkmlbrallof 
them,  so  we  could  be 
sure  we’d  be  able  to 


incident.  Then  we  designated  certain 
conference  rooms  to  serve  as  "Var  rooms” 
and  secured  a  dedicated  call-in  brk^  and 
an  email-enabled  distribution  list  In  this 
phase  we  also  lined  up  all  the  relevant 
tools  we  m^ht  need  to  detect  or  leqrond 
to  incidents,  including  packet  captur¬ 
ing,  malware  analysis,  event  monitorii^ 
and  forensics  rods.  Finally,  we  identified 
trusted  third  parties  to  be  on  call  in  case 
we  need  expert  assistance. 


CAT.  For  example,  a  single  PC  hit  by 
malware  is  insufficient,  but  the  detectior 
of  malware  that’s  quickly  prr^gating 
could  well  require  a  full  CAT  response. 
To  help  us  decide  when  the  cavalry  is 
needed  we  are  creating  a  matrix  to  lay 


dence  collection,  damage  assessment  and 
identification  of  the  attackers.  We  are 
also  preparing  checklists  to  help  ensure 
proper  eradication  and  containment  of 
whatever  malicious  activity  the  incident 
involves.  For  example,  a  checklist  might 
address  what  to  do  when  a  Windows 
server  is  compromised. 

For  the  post-IncMcilt  phase,  we  are 


on  post-mortems  so  we  can  identify  what 
went  well  and  what  needs  improvement. 

Once  the  incident-response  process 
document  is  complete,  we’ll  start  sched¬ 
uling  training  sessions  and  then  regular 


U  One  thing  I  ham  learned  over  the  years  is  it’s  a 
mistake  to  start  hnom  scratch  with  these  things. 
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vmware 


Call  for  Submissions 

VMware  Innovation  Awards 
—  Submit  Now 


•  Have  you  and  your  team  completed  a  project  that  had 
a  positive  impact  on  your  cbmpany  or  industry? 

•  Was  it  a  project  that  helped  to  transform  the  experience 
for  employees  or  customers? 

•  Did  you  and  your  team  complete  the  project  despite  internal 
and  external  challenges? 

•  Have  you  leveraged  VMware’s  technology? 

Then  It’s  time  to  share  your  story  and  gain  recognition  for  your 
leadership.  Nominations  are  now  being  accepted  for  the  first 
annual  VMware  Innovation  Awards,  produced  by  Computerworld. 

The  innovation  categories  are  (multiple  entries  are  accepted): 

—  Driving  Business  Innovation  with  the  Cloud 
—  Enabling  True  Session  Mobility 
-  Leveraging  the  Software-Defined  Data  Center 
—  Transforming  the  Workforce  with  New  Technologies 

Winners  will  be  selected  by  a  prestigious  panel  of  judges 
and  honored  at  VMworld  on  August  27th  in  San  Francisco. 

Get  more  information  and  nominate  your  project: 
http://events.computerworld.com/vmwareawards 

Nomination  deadline:  May  31,  2013 
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Microsoft’s  Smartwatch: 
Been  There,  Didn’t  Do  That 


Th  is  is 
shaping  up 
as  another 
example  of 
Miffosoft 
getting  toa 
market  first 
and  failing 
to  cash  in. 


ComputermrU-Com 
contributing  editor 
and  the  author  of 
more  than  35  books, 
including  Now  the 
Internet  Works 
(Que.2006). 


PPLE,  GOOGLE  AND  SAMSUNG  are  all  said  to  be  working  on  smart- 
1  watches.  This  is  shaping  up  as  yet  one  more  example  of  Microsoft 
t  getting  to  a  market  first  and  then  failing  to  cash  in. 

1  Various  reports  say  Apple  is  working  on  what  would  presumably 


called  the  iWatch.  Because  we’re  talking  about 


Apple,  there  has  been  no  confirmation  of  those 
reports,  but  as  many  as  lOO  product  designers  are 
said  to  be  hard  at  work  <m  it.  Google's  Android 
division  may  also  be  working  on  a  smartwatch. 

Its  offering,  sources  say,  would  work  not  only 
with  Android  smartphones  and  tablets,  but  with 
Goo^e  Glass  as  well.  Arrd  Samsung  has  confirmed 
that  it’s  working  on  a  smartwatch. 

With  so  much  activity  focusing  on  the  intersec¬ 
tion  of  technology  and  the  human  wrist,  Micro¬ 
soft  is  paying  attention  and  is  said  to  be  making  its 
own  moves  toward  developing  a  smartwatch.  But 
in  Microsoft’s  case,  that  should  read  "developing 
a  smartwatch  again.”  That’s  because  Microsoft 
pioneered  smartwatches  years  ago,  and  then  aban¬ 
doned  the  crmcept. 

Nearly  two  decades  ago,  in  rggs,  Microsoft  and 
Timex  co-developed  the  Timex  Data  Link  watch, 
which  wirelessly  downloaded  and  displayed  data 
from  Windows-based  PCs.  Though  worn  by  both 
astronauts  and  cosmonauts  on  space  missions 
and  given  Popular  Science’s  Best  of  What’s  New 

and  Engineering  Award,  it  never  made  a  dent  in 
the  market,  and  Timex  and  Microsoft  abandoned 
it.  Then  in  2003,  Microsoft  launched  its  Smart 
Watch,  which  delivered  news,  weather,  traffic 
information  and  mote  over  FM  frequencies.  The 
Smart  Watch  was  based  on  Microsoft’s  Smart 
Personal  Objects  Technology  (SPOT),  which  was 
meant  to  be  applied  to  an  entire  fleet  of  gadgets, 
from  coffee  makers  to  GPS  devices. 

That  never  happened.  The  watches  were  bulky 


and  expensive  (one  model  sold  for  $800),  and  the 
SPOT  service  required  a  $59  annual  subscription. 
In  2008,  Microsoft  stopped  selling  the  watches, 
while  still  supporting  transmissions  to  existing 
ones.  At  the  end  of  201 1,  it  pulled  the  plug  entirely. 

Now,  in  2013,  Microsoft  finds  itself  not  at  the 
vanguard  of  a  burgeoning  trend,  but  playing  catch¬ 
up.  The  Wall  Street  Journal  says  Microsoft  has  con¬ 
tacted  parts  suppliers  in  Asia  to  ship  components 
for  a  smartwatch.  No  doubt  the  company  has  seen 
Gartner’s  estimate  that  the  wearable  electronics 
market  will  teach  $to  billion  by  2016. 

Why  is  Microsoft  following  and  not  leading? 
One  reason  is  that  there’s  a  disconnect  between 
its  substantial  research  capabilities  and  its  product 
development  efforts.  Microsoft  far  outspends 
Apple  and  Google  on  research  and  development 
—  its  $9.4  billion  budget  is  nearly  double  Google’s 
$5.2  billion  and  more  than  triple  Apple’s  $2.6 
billion,  according  to  S&P  Capital  IQ  —  and  it  has 
been  the  company  with  the  world’s  largest  RStD 
budget  for  the  past  12  months.  Clearly,  Apple  gets 
a  far  bigger  bang  for  its  buck  when  it  comes  to 
matching  research  to  product  development. 

Another  proUem  is  Microsoft’s  protect-your- 
own-turf  culture,  which  makes  it  dilficuh  for  it 
to  develop  products  that  span  departments.  And 
it  doesn’t  help  that  Microsoft  demands  that  all  its 
products  lead  back  to  Windows.  That  bit  of  turf- 
guarding  holds  back  irmovation. 

This  all  reminds  me  of  what  happened  with 
smartphones  and  ublets.  In  both  cases,  Microsoft 
had  the  jump  on  Apple  but  couldn’t  cash  in.  It’s  hard 
to  believe  that  things  will  he  different  this  time.  ♦ 
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MARKETPLACE 


dtSearcK 


The  Smart  Choice  for  Text  Retrieval’  since  1991 

Instantly  Search 
Terabytes  of  Text 

•  25+  fielded  and  full-text  search  types 

•  dtSearch's  own  document  filters  support  "Office," 

PDF,  HTML,  XML,  ZIP,  emails  (with  nested  attachments), 
and  many  other  file  types 

•  Supports  databases  as  well  as  static  and  dynamic  websites 

•  Highlights  hits  in  all  of  the  above 

•  APIs  for  .NET,  Java,  C++,  SQL,  etc. 

•  64-bit  and  32-bit;  Win  and  Linux 

Ask  about  fully-functional  evaluations 

www.dtSearch.com  i-800-it-finds 


dtSearch  products; 

^  Desktop  with  Spider 
❖  Network  with  Spider 

Publish  (portable  media)  ! 

^  Web  with  Spider  ; 

^  Engine  for  Win  &  .NET  ; 

Engine  for  Linux  | 

Document  filters  also  available  j 
for  separate  licensing _  i 


pick  the  topics.  pick  the  sources.  pick  the  frequency. 

Build  your  own  newsletter  featuring  your  favorite  technology 
topics  —  cloud  computing,  application  development,  security  — 
over  200  timely  topics,  from  more  than  700  trusted  sources. 


It's  free. 

www.techdispenser.com 


A  PREMIER  too  IT  LEADER 


Cynthia  Nustad 

The  CIO  at  HMS  answers  quest  ions 
on  the’ job  prospects  for  a  mainframe 
programmer  and  more. 


mmmtammmatthaumtttrm 


■Rli30yHnafa|Mfianc&Wejusthadav«ry 

lengitiy  discussion  on  tlie  loiiic  at  my  axiipany. 
We  St*  successfuHy  leverage  die  mainftanie  for 
some  of  our  products  and  get  gieat  performance 
and  scale  from  sudi  equipmenL  One  thing  we 
considered  in  our  discussion  was  whether  there 
would  be  enough  talent  10  to  15  years  from  now 
to  work  on  those  tools.  Our  vendor  was  able  to 
put  our  minds  at  ease  by  telling  us  about  universi¬ 
ties  that  are  growing  their  educational  offerings 
to  teach  students  these  technohigies.  In  short.  I 
think  the  prospects  continue  to  be  good  for  expe¬ 
rienced  mainfianie  talenL 


aduhtf  These  are  very  exciting  areas  In  IT.  I 
would  recommend  spending  the  bme  to  get  cer- 


can  be  time-consuming,  and  clearing  the  testing 
hurdlesischallenging.But  certifications  will  set 
you  apart  from  others  trying  to  get  the  same  job 
and  will  help  advance  your  career.  And  because 
network  administration  and  forensics  are  chang¬ 
ing  quickly,  recently  minted  certs  are  a  way  of 
telling  employers  that  you  are  keeping  up  to  date. 

I  liken  the  network  to  the  heanbeat  of  a  compa¬ 
ny  -  you  donT  want  it  to  skip  a  beat,  so  maximum 
uptime  is  imperative.  That  means 
security  and  risk  management 
should  be  part  of  the  discipkne. 

Finally,  you  should  develop 
your  skills  in  public  speaking, 
presentations  and  communica¬ 
tions.  This  is  helpful  for  areas  like 
these  that  are  routinely  audited 


clearly  explain  key  aspects  of  these  important 
areas  -  such  as  how  they  help  drive  business 
value  -  to  executive  leaders  and  other  nontech¬ 
nical  people  will  also  contribute  to  your  success. 

what  are  the  best  progranmiing  languages 
to  be  faitiHlar  with  for  someone  entering 
the  IT  field  today?  Currently,  there  is  tremen¬ 
dous  employer  demand  in  many  programming 
areas.  The  key  thing  to  do  is  ensure  that  your 
capabilities  are  well  rounded.  A  program¬ 
mer  who  can  do  analysis,  create  database 
structures,  write  clean  code,  create  testing 
structures  and  clearly  communicate  all  that  has 
been  done  is  a  very  valuable  asset. 

Businesses  are  seeing  the  data  that  they  retain 
and  analyre  proliferate.  That  means  that  people 
who  understand  the  programming  used  to  sup¬ 
port  data  and  analytics  are  particularly  in  demand. 
If  your  interest  lies  In  this  direaion.  you  should  get 
to  know  and  understand  key  new  data  technolo¬ 
gies.  ETl  languages  and  business 
intelligence  tools.  If  your  passion 
is  to  create  applications  and  sys¬ 
tems,  we  seem  to  be  looking  for 
java  and  .Net  talent  constantly. 

'  Lastly.  I  always  suggest  that  you 
investigate  and  leverage  open- 
source  tools.  They  can  be  excellent 
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d.  And  being  able  to 
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backup  m^ia,  so  I  pulled  out  a  back¬ 
up  log  report  from  five  years  ago  and 


vendor  rep  giving  lb 
‘Whyvrouldlvranlthi 


"Can  we  just  get  on  with  the  demo 
and  skip  all  of  this?'  bigwig  bellows. 


four-drawer  file  cabinet  dedicated  for 
backup  logs.  ‘I  asked  If  1  could  see 
where  the  backup  logs  were  kept." 


capability  and  reliability  we  need  in 
our  phone  system,  we  need  to  imple 
ment  this  immediately!' " 


A  little  while  later.  Fish  receives  a 
follow-up  email:  "Please  disregard. , 
truck  with  a  pizza  logo  was  parked  I 
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IT  pilot  fish  is  at  a  client  site  to  do  an 
upgrade,  and  the  client  proudly  men- 
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I  FIRST  HEARD  THE  PHRASE  “the  year  of  mobile”  in  1999.  If  you  had 
told  me  then  that  companies  like  Microsoft,  Motorola  and  Nokia 
would  be  lesser  hghts  on  the  mobile  stage  by  2012  (the  actual  year 
of  mobile,  by  the  way),  I  would  have  laughed.  That’s  why  I  love  this 
industry:  It  changes  while  you  watch,  Tvith  new  developments  snicking 
into  nlace  hke  the  next  frame  of  a  slide  deck. 


In  this  slide:  The  term  PC  industry  has  been  ren¬ 
dered  obsolete  by  the  dramatically  slowing  growth 
of  PC  sales  and  the  rapid  adoption  of  mobile  tech¬ 
nologies.  Gartner  reports  that  at  the  end  of  2012, 
the  worldwide  installed  base  of  notebook,  desktop 
and  tablet  PCs  was  over  1.75  billion.  In  October  of 
last  year.  Strategy  Analytics  tagged  the  number 
of  smartphones  currently  in  use  at  over  1  billion 
globally,  and  it  projects  that  the  installed  base 
of  tablets  will  surpass  780  milUon  in  2016.  But 
wait,  shouldn't  tablet  numbers  and  smartphone 
numbers  be  rolled  up?  I  don’t  think  so. 

The  tablet  phenomenon  is  separate  from,  and 
less  mobile-specific  than,  the  smartphone  phe¬ 
nomenon.  It's  easy  to  think  of  smartphones  and 
tablets  as  the  fraternal  twins  of  mobile  computing. 
They  aren't.  The  tablet  is  less  the  newest  mobile 
device  than  it  is  a  thinner,  ligjiter  incarnation 
of  the  PC.  The  tablet  will  heavily  influence  both 
smartphones  and  PCs,  but  it  is  transitional. 
Smartphones  are  much  better  adapted  to  mobile. 
The  smartphone  is  a  game-changer  that  has  had  a 
profound  effect  on  li^tyles  and  workstyles. 

The  dichd  about  tablets  is  that  they’re  media- 
consumption  devices,  not  content-creation 
devices.  But  that  argurnem  ignores  the  facts. 

Why?  Because  despite  what  the  pundits  opine,  h's 
human  nature  to  create  content,  and  all  forms  of 
computing  require  input  of  at  least  short  strings 
of  text  It's  easier  to  do  that  on  the  go  with  a 
smaller,  hand-size  smartphone  than  it  is  with  a 
larger  tablet.  Touchscreen  user  iitterfoces  spur  you 


to  hold  the  device  with  one  hand  and  tap,  scroll 
and  swipe  the  screen  with  the  other.  But  to  use  a 
tablet’s  virtual  keyboard  efficiently  —  with  two 
hands  —  you  need  to  prop  a  9-  or  lo-inch  device 
on  a  table  or  your  lap.  And  it’s  awkward  to  use  a 
two-thumb  typing  approach  on  larger  tablets.  The 
transition  from  touch  manipulation  of  the  screen 
to  entering  text  is  fairly  natural  with  a  smart¬ 
phone.  With  a  tablet,  it  can  be  tiresome. 

The  tablet  is  a  very  immature  device,  with  a 
user  interface  designed  for  a  much  smaller  form 
factor.  That  may  be  why  tablets  are  shrinking 
to  7  mcbes  and  smartphones  are  expanding  to  5 
inches.  Somewhere  in  that  middle  ground  there 
may  be  a  happy  medium.  We  just  don’t  know. 

A  lot  more  itmovation  is  desperately  needed  for 
mobile  hardware  design  and  (^tforms.  Are  Aj^le, 
Goo^,  Samsung  and  Microsoft  up  to  the  task? 

Some  peo(Je  question,  for  example,  whether 
Api^e  has  lost  its  innovation  mojo.  I  think  we’re 
going  to  find  out,  but  I  wouldn’t  bet  against 
Cupertino  just  yet.  Some  think  Google  is  losing 
interest  in  Android.  Samsung  is  merely  adding  the 
latest  available  technologies  with  every  product 
release;  that’s  not  innovation.  As  for  Microsoft,  its 
Surface  Pro  is  a  surprisingly  thoughtful  hardware 
design,  but  Windows  8  was  hustled  out  the  door. 

Just  at  the  moment  when  mobile  innovation  is 
most  needed,  the  market  leaders  may  have  taken 
their  eyes  off  the  toad.  Perhaps  that  slkle  deck  is 
about  to  advance  another  frame.  • 


Discussion 

Underway 


(want  in?) 


The  Computerworld  Linkedin  Forum 
IS  a  community  for  all  things  IT: 
news,  analysis  and  discussion  about 
topics  within  IT,  including  careers, 
management  and  hot  topics. 

If  you  are  an  enterprise  IT  practitioner 
at  any  level  we’d  love  to  have  you  join. 

Apply  for  membership  today  at 


COMPUTERWORLD 

on  Linked  in 


Twice  the  virtualization. 

Lower  management  costs. 

None  of  the  compromises. 

MDu’ve  been  Icxiking  for  IT  solutions  that  meet  the  increasingly  sophisticated  demands 
on  your  infrastructure.  IBM  Flex  System,'”  featuring  Intel®  Xeon®  processors,  provides 
simplicity,  flexibility  and  control  in  a  system  that  doesn't  require  compromise. 

It  supports  up  to  twice  the  number  of  virtual  machines  as  the  previous  generation  of 
blade  servers.'  And  IBM  Flex  System  Manager  "  can  help  reduce  management  costs 
by  providing  visibility  and  control  of  all  physical  and  virtual  assets  from  a  single  vantage 
point.2 

You  can  select  individual  elements  and  integrate  them  yourself  or  with  the  support 
of  an  IBM  Business  Partner.  Or  you  can  choose  an  IBM  PureFlex  ”  System  and 
leverage  IBM’s  expert  integration  for  an  even  simpler  experience.  Learn  more  at 
ibm.com/systems/no_compromise 


